




Ref: SBL65512
91.203.92.0/22 is listed on the Spamhaus Block List - SBL
91.203.92.0/22 is listed on the Don't Route or Peer List - DROP
2009-10-16 18:21:52 GMT | SR04 | RIPE
Virus writers, malware spreaders, C&C servers
91.203.92.75/32
Removed uatelecom.co.ua SR14
2009-04-10 09:55:33
SBL70342 MALWARE Installer (warning - do not load in graphic browser)
91.203.92.63/32
Removed uatelecom.co.ua SR04
2009-04-10 09:55:37
SBL70072 Fraud via hijacked DNS?
91.203.92.7/32
Removed uatelecom.co.ua SR04
2009-04-10 09:55:47
SBL69672 Botnet C&C control hub: Cutwail
91.203.92.47/32
Removed uatelecom.co.ua SR04
2009-04-10 09:55:48
SBL69610 Malware spyware hub
91.203.92.71/32
Removed uatelecom.co.ua SR04
2009-04-10 09:55:49
SBL69607 Malware spyware hub
91.203.92.104/32
Removed uatelecom.co.ua SR04
2009-04-10 09:55:50
SBL68463 royal-dns.com
91.203.92.103/32
Removed uatelecom.co.ua SR04
2009-04-10 09:55:51
SBL68462 royal-dns.com
91.203.92.57/32
Removed uatelecom.co.ua SR20
2009-10-16 18:22:22
SBL68198 Yambo Financials
Yambo pharmacy nameservers/webhosts
91.203.92.92/32
Removed uatelecom.co.ua SR04
2009-04-10 09:55:56
SBL67462 Malware dropper and C&C
91.203.92.1/32
Removed uatelecom.co.ua SR04
2009-04-10 09:55:56
SBL67436 uadns.co.cr / uatelecom.com.ua cybercrime hub
91.203.92.81/32
Removed uatelecom.co.ua SR04
2009-04-10 09:55:56
SBL67435 spacestormsinc.com malware dropper
91.203.92.27/32
Removed uatelecom.co.ua SR04
2009-04-10 09:56:02
SBL67318 Botnet C&C control hub
91.203.92.52/32
Removed uatelecom.co.ua SR04
2009-04-10 09:56:03
SBL67256 Malware trojan dropper sites & DNS
91.203.92.51/32
Removed uatelecom.co.ua SR04
2009-04-10 09:56:05
SBL67255 Malware trojan dropper sites & DNS
91.203.92.32/32
Removed uatelecom.co.ua SR04
2009-10-16 18:21:59
SBL67254 Malware trojan dropper sites & DNS
91.203.92.14/32
Removed uatelecom.co.ua SR04
2009-10-16 18:22:02
SBL67253 Malware dropper sites & DNS
91.203.92.13/32
Removed uatelecom.co.ua SR04
2009-10-16 18:22:02
SBL67252 Malware dropper sites & DNS
91.203.92.26/32
Removed uatelecom.co.ua SR04
2009-10-16 18:22:02
SBL67251 Malware dropper sites & DNS
91.203.92.53/32
Removed uatelecom.co.ua SR04
2008-08-21 21:54:27
SBL67250 Malware dropper sites & DNS
91.203.92.48/32
Removed uatelecom.co.ua SR04
2009-10-16 18:22:05
SBL66688 infectionscanner.com/virus-scanonline.com malware dropper
_________________________
Was SBL65155:
--- DNS lookup for "sexycodecadult.com", please wait...
--- contacting nameserver: 62.176.16.161 [62.176.16.161]
sexycodecadult.com SOA
origin = sexycodecadult.com
mail addr = admin@sexycodecadult.com
serial = 2008011506
refresh = 3600 (1 hour)
retry = 7200 (2 hours)
expire = 3600000 (41 days 16 hours)
minimum ttl = 3600 (1 hour)
sexycodecadult.com NS ns2.sexycodecadult.com
sexycodecadult.com NS ns1.sexycodecadult.com
sexycodecadult.com MX 0 sexycodecadult.com
sexycodecadult.com A 62.176.16.161
ns1.sexycodecadult.com A 62.176.16.161
ns2.sexycodecadult.com A 62.176.16.161
sexycodecadult.com A 62.176.16.161
--- DNS Lookup completed
________________________________
domain: FIXASERVER.RU
type: CORPORATE
nserver: ns2.fixaserver.ru. 91.203.92.27
nserver: ns1.fixaserver.ru. 91.203.92.27
state: REGISTERED, DELEGATED
person: Private Person
phone: +7 933 7898898
e-mail: isupport@safe-mail.net
registrar: NAUNET-REG-RIPN
created: 2008.06.11
paid-till: 2009.06.11
source: TC-RIPN
domain: BLATUNDALQIK.RU
type: CORPORATE
nserver: ns2.blatundalqik.ru. 91.203.92.27
nserver: ns1.blatundalqik.ru. 91.203.92.27
state: REGISTERED, DELEGATED
person: Private Person
phone: +7 933 7898898
e-mail: isupport@safe-mail.net
registrar: NAUNET-REG-RIPN
created: 2008.07.15
paid-till: 2009.07.15
source: TC-RIPN
________________________________
We're picking up a new ZBot/Wsnpoem variant being spammed. AV detection is low:
Subject:
Tracking N_ 7413533228
Content:
Unfortunately we were not able to deliver postal package you sent on July the 21st in time
because the recipient's address is not correct.
Please print out the invoice copy attached and collect the package at our office
Your UPS
Attached:
WW2_ASH182.zip
Still downloads its encrypted config file from:
http://blatundalqik.ru/revolution/rev.bin
____________________________________________
inetnum: 91.203.93.1 - 91.203.93.128
netname: ZHITOMIR-NET
descr: pool for co-location customers
country: UA
admin-c: ML7676-RIPE
tech-c: ML7676-RIPE
status: ASSIGNED PI
mnt-by: UATELECOM-MNT
source: RIPE # Filtered
person: Mark Liberman
address: Kiev, Ukraine
e-mail: m.liberman@i.ua
phone: +380963801326
nic-hdl: ML7676-RIPE
source: RIPE # Filtered
% Information related to '91.203.92.0/22AS44997'
route: 91.203.92.0/22
descr: UaTelecom ISP
origin: AS44997
mnt-by: UATELECOM-MNT
source: RIPE # Filtered
____________________________________________
inetnum: 91.203.92.0 - 91.203.95.255
netname: BASTION-NET
descr: ISP UATelecom
country: EU
org: ORG-TG39-RIPE
admin-c: ML7676-RIPE
tech-c: UNm3-RIPE
status: ASSIGNED PI
mnt-by: UATELECOM-MNT
mnt-lower: UATELECOM-MNT
mnt-routes: UATELECOM-MNT
mnt-domains: UATELECOM-MNT
remarks: *************************************************
remarks: * For spam/abuse/security issues please contact *
remarks: * abuse@uatelecom.com.ua *
remarks: *************************************************
remarks:
remarks: *************************************************
remarks: *Any questions on Peering please send to *
remarks: *ipadmin@uatelecom.com.ua *
remarks: *************************************************
source: RIPE # Filtered
organisation: ORG-TG39-RIPE
org-name: UATELECOM LLC.
org-type: OTHER
address: Ukraine, Voznesensk, Lenina 52
remarks: -------------------------
phone: +38-048-701-05-45
phone: +38-096-380-13-21
phone: +38-096-380-13-26
fax-no: +38-048-701-05-45
remarks: -------------------------
abuse-mailbox: abuse@uatelecom.com.ua
admin-c: unm1-RIPE
tech-c: unm1-RIPE
mnt-ref: UATELECOM-MNT
mnt-by: UATELECOM-MNT
source: RIPE # Filtered
role: UATelecom NOC manager
address: Voznesensk, Ukraine
admin-c: unm1-RIPE
tech-c: unm1-RIPE
nic-hdl: UNm3-RIPE
source: RIPE # Filtered
person: Mark Liberman
address: Kiev, Ukraine
phone: +380963801326
nic-hdl: ML7676-RIPE
source: RIPE # Filtered
% Information related to '91.203.92.0/22AS44997'
route: 91.203.92.0/22
descr: BTG-AS
origin: AS44997
mnt-by: UATELECOM-MNT
remarks: responsible: abuse@uatelecom.com.ua
source: RIPE # Filtered
_______________
was:
inetnum: 91.203.92.0 - 91.203.95.255
netname: UATELECOM
descr: ISP UATelecom holding LLC.
descr: Provider local registry
country: EU
org: ORG-TG39-RIPE
admin-c: VK1347-RIPE
tech-c: unm1-RIPE
status: ASSIGNED PI
mnt-by: UATELECOM-MNT
mnt-by: UATELECOM-MNT
mnt-lower: UATELECOM-MNT
mnt-routes: UATELECOM-MNT
mnt-domains: UATELECOM-MNT
remarks: ---------------------
remarks: abuse problems (spam/malware/fraud etc.) use only abuse mailbox: abuse@uatelecom.co.ua
remarks: technical issues use e-mail: ipadmin@uatelecom.co.ua
remarks: 24/7 NOC custumers support team: noc@uatelecom.co.ua
remarks: ---------------------
source: RIPE # Filtered
organisation: ORG-TG39-RIPE
org-name: UATELECOM LLC
org-type: OTHER
address: Ukraine
address: Voznesensk
address: Lenina 52
phone: +380963801321
phone: +380963801326
fax-no: +380963801326
abuse-mailbox: abuse@uatelecom.co.ua
admin-c: VK1347-RIPE
tech-c: unm1-RIPE
mnt-ref: UATELECOM-MNT
mnt-by: UATELECOM-MNT
source: RIPE # Filtered
person: Vadim Kucherov
nic-hdl: VK1347-RIPE
address: UKRAINE, TERNOPIL
phone: +380631279971
mnt-by: UATELECOM-MNT
source: RIPE # Filtered
person: UATelecom NOC manager
address: Voznesensk, Ukraine
phone: +380963801321
nic-hdl: unm1-RIPE
source: RIPE # Filtered
% Information related to '91.203.92.0/22AS44997'
route: 91.203.92.0/22
descr: UATELECOM NETWORK
origin: AS44997
mnt-by: UATELECOM-MNT
source: RIPE # Filtered
http://cidr-report.org/cgi-bin/as-report?as=AS44997
This UPS/FedEx ticket crime
Removal Procedure
To have record SBL65512 (91.203.92.0/22) removed from the SBL, the Abuse/Security representative of RIPE (or the Internet Service Provider responsible for supplying connectivity to 91.203.92.0/22) needs to contact the SBL Team by email (use this link) to explain how the spam problem has been terminated (we need to know exactly how the issue has been dealt with and that this spam problem is fully terminated). If the spam problem that caused this listing has been terminated we will normally remove the listing from the SBL without delay.
It is essential that emails to the SBL Team about this SBL listing include this exact ticket information in the email Subject:
If you are a representative of RIPE, you also need to see: Current Live RIPE SBL Listings
The SBL is an international anti-spam system maintained by The Spamhaus Project and used by Internet networks to protect users from spam sources and spam services. The SBL lists only IP addresses (not domains, email addresses, names or anything else). If you are unable to send email to someone due to this SBL listing, please contact your Internet Service Provider and show them this page - your Service Provider needs to contact the Spamhaus SBL team to resolve the issue (if you are not the Internet Service Provider, please do not contact us.)